Field of the Invention
Embodiments of the invention relate methods and devices for ensuring the security of a fingerprint related to a certificate, even when it is transmitted through multiple networks with different network operators.
Background of the Art
In communication networks, in particular Voice over IP communication networks, a communication link or connection is often controlled by the SIP (Session Internet Protocol). For transferring data streams or multimedia data streams, i.e., user information or video and/or speech information, the RTP (Real-Time Protocol) is used. The RTP is defined in RFC standard 1889 and since 2003 in RFC standard 3550. Due to increased security requirements, data streams have long been transmitted in encoded form, and the secured RTP (SRTP) used for this is described in RFC standard 3711. The SRTP requires common private keys that are exchanged with an appropriate protocol and such protocols are known in the industry as key management protocols.
A well-known key management protocol is the MIKEY protocol, which is defined in RFC standard RFC 3830 and is embedded in the signaling protocol SIP.
Another key management protocol is the DTLS-SRTP (Data Transport Layer Security-Secure Transport Protocol). The DTLS protocol is based on the TLS (Transport Layer Security) protocol and is an encoding protocol for data transfers over the Internet. The DTLS protocol can also be substituted for less reliable protocols such as the UDP (User Datagram Protocol). The DTLS-SRTP is applied within user data channels or media data channels, and the key exchange is authenticated by certificates and the associated private keys. Rather than being signed by a trusted PKI (Public Key Infrastructure) authority, the certificates are signed by each terminal point or device itself. Certificates of this type are not adequate for authenticating terminals covered by the key management protocol, because there is no trust relationship with a common security anchor. To ensure authentication by the device with which a communication connection is planned, one or more pieces of security information, known in the industry as fingerprints, is or are generated and transmitted within the SIP message. Each fingerprint is related to a particular public key or to a certificate and usually represents the hash value of a hash function applied to the public key or certificate. The hash value is a short numerical sequence that is separate from the public key or certificate but clearly identifies the public key. The fingerprint is secured within the SIP message by a signature—according to RFC standard 4474, for example—which is generally used to secure the header and the SIP body, such that the SIP body represents the user data portion of an SIP message in which the information to be transmitted for user and media data is transferred.
For an SIP message, in particular an INVITE message, the key information carried in a media channel is authenticated, using a key management protocol, by at least one certificate signed by the terminals, and in the body of an SIP message, at least one fingerprint of the certificate is inserted for authenticating the key information to be transmitted. In the header of an SIP message, according to the SIP, a piece of date information, a piece of certificate reference information, and a piece of identify information for the terminal generating the SIP message are inserted.
The quality of the end-to-end security of user and media data depends upon the authentication of the fingerprint. If SIP messages are transmitted over networks with multiple carriers or network operators, the contents of SIP messages are changed; an example is the changes made to transport addresses in each network operator's session board controllers. In such cases, the SIP identity signature as described in RFC standard 4474 is no longer valid and must be regenerated by each network operator. This opens up the possibility for an attack on the authenticity of the fingerprint, in which the certificate's fingerprint is replaced in the intervening network operators' switching networks by a fingerprint for a certificate that is assigned to the network operator's intervening switching network.